Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a play on words on Microsoft BackOffice Server software. It can also control multiple computers at the same time using imaging.
|Developer(s)||Sir Dystic (cDc)|
1.20 / August 3, 1998
|Operating system||Microsoft Windows,|
UNIX-systems (client only)
(source distribution, UNIX client)
|Website||Back Orifice Homepage|
Back Orifice was designed with a client–server architecture. A small and unobtrusive server program is installed on one machine, which is remotely manipulated by a client program with a graphical user interface on another computer system. The two components communicate with one another using the TCP and/or UDP network protocols. In a reference to the Leet phenomenon, this program commonly runs on port 31337.
The program debuted at DEF CON 6 on August 1, 1998. It was the brainchild of Sir Dystic, a member of the U.S. hacker organization Cult of the Dead Cow. According to the group, its purpose was to demonstrate the lack of security in Microsoft's operating system Windows 98.
Although Back Orifice has legitimate purposes, such as remote administration, there are other factors that make it suited for less benign uses. The server can hide itself from cursory looks by users of the system. As the server can be installed without user interaction, it can be distributed as payload of a Trojan horse.
For those and other reasons, the antivirus industry immediately categorized the tool as malware and appended Back Orifice to their quarantine lists. Despite this fact, it was widely used by script kiddies because of its simple GUI and ease of installation.
Two sequel applications followed it, Back Orifice 2000, released in 1999, and Deep Back Orifice by French Canadian hacking group QHA.
- Richtel, Matt. "Hacker Group Says Program Can Exploit Microsoft Security Hole," The New York Times August 4, 1998. Retrieved April 24, 2007.
- "Information on Back Orifice and NetBus". Symantec. Retrieved 8 February 2013.
- Knudsen, Kent (April 5, 2002). "Tracking the Back Orifice Trojan On a University Network" (PDF). sans.org. p. 7. Retrieved April 20, 2018.
The server normally binds to UDP port 31337, but it may be configured to use another port.